Now Reading
Ask HN: How do you belief that your private machine is just not compromised?

Ask HN: How do you belief that your private machine is just not compromised?

2023-01-15 06:20:52

Like others here are saying, you can never be 100% sure. But that doesn’t mean there’s nothing you can do.

If you’re worried about the impact to your broader organization (which is what most of the sophisticated threats tend to target), you should think about risk mitigation through the Swiss Cheese defense model. Each system is inevitably going to have holes, but layering them on top of one another incrementally improve your coverage.

For instance:

– Your team should be trained about phishing attacks. But inevitably some will get through, so…

– You should implement 2FA in case a password is compromised. But a threat actor may be able to capture a 2FA-passed SSO session token, so…

– Production access should be limited to a small number of individual. But even they might get compromised, so…

– You should programmatically rotate credentials to make old leaked credentials useless. But a newer one might be captured, so…

– Data should be sufficiently encrypted at rest and in transit, and…

– Your team should have an incident management system and culture in place to quickly respond to customer reported incidents and escalate it to the right level and…

– Audit logs should be tracked to understand the blast radius in case of compromise
– and so forth

When you look at incidents like CircleCI and LastPass, a good security organization will talk in detail about how they are shoring up security at multiple levels.

Here’s a short, fairly practical guide that you might find helpful: https://www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-…. It’s aimed principally at small companies, however I discover lots of the steerage to be fairly related to my private IT.

My even shorter (and incomplete) abstract of the doc could be: configure your router and firewall; take away default passwords and crapware out of your units; use a lock display; do not run as root; use a password supervisor and respectable passwords; allow 2FA in all places you’ll be able to; allow anti-malware in case your OS has it constructed it; do not run software program from untrusted sources; patch repeatedly.

There are additionally different controls that you could select to impose on your self. For instance, I require full-disk encryption, and I’ll solely use cell units which get common updates. Can be serious about listening to different issues that HN’ers do to restrict danger.

Would be interested in hearing other things that HN’ers do to limit risk.

Mostly the same basics as you. The document you linked is a good starting point.

I’d add extensive use of virtualisation and sandboxing. I run less and less software as native, installed applications on any device I use personally or professionally. Instead it tends to run inside things like VMs or Docker containers or cloud-hosted platforms now.

My basic policy is to try and make every device and installed application expendable/replaceable in case anything breaks or gets compromised and then focus on the data. I apply the principle of least privilege for access to any sensitive data, try to keep all important data in standardised formats and avoid lock-in effects as much as reasonably possible, and keep good back-ups under my own control with the ability to redeploy/restore anything quickly and as automatically as possible.

Bios? I’m not sure I can ever be certain.

For the rest, I run a pretty esoteric setup (compiled-from-source custom configured linux kernel with no binary blobs; all software compiled from source, with no exceptions; aggressive, burdonsome-to-me privilege separation; chroots and VMs for various degrees of potential threat; etc). I have no illusions that it is perfectly safe. What I am comfortable with is that, in order to compromise me, you would have to know a lot about what I run and how I run it. I believe that I would have to be nearly individually targeted to extract any useful data from my machine, and that I am not nearly a valuable enough target for anyone to do so. I think you would have to be a state-level actor or someone with similar capabilities to compromise me, and none of them would care enough.

My security paranoia stems from extremely sensitive work I did as a lawyer long ago, but I am now so used to it that I carry on as a scientist, even though my current work is not nearly so sensitive (if at all). I give up a lot of convenience and some functionality to operate this way, so it is not for everyone. I am not an adversary to anyone, so outside state actors surely don’t care about me. And my own government can just get a warrant and knock on my door, so they don’t care about me either.

Embedded device firmware besides the bios is probably my main vulnerability, but if you’re successfully getting at me through my hard drives or mouse, then I was surely an incidental rather than actual target.

Great question. I don’t anymore. Decades ago when I had a 286 and knew what each file did and what all the software was, and threats were limited and crude, I had good confidence of controlling my machine. Today, when my laptop has millions of files and each website – even hacker news – could inject something malicious and my surface is so broad (browsers applications extensions libraries everything) and virtually anything I do involves network connections… I just don’t have the confidence.

FWIW, I try to segregate my machines for different categories of behaviour – this laptop is for work, this one is for photos and personal documents, this one is for porn, this one is if I want to try something. But even still my trust in e. G. software vlan on my router and access controls on my NAS etc are limited in this day and age.

I feel today it’s not about striving for zero risk (for 99.99 of people) , but picking the ratio of overhead and risk you’re ok with. And backups. (bonus question – how to make backups safe in age of encrypting ransom ware).

I have a backup NAS that’s normally powered off, but it’s scheduled to turn on, perform backup, shut down.

It doesn’t wake on LAN and there should be no way of knowing it exists outside of checking DHCP static addresses reservations – and now that I mention it, maybe I should remove it from there too.

This minimises the size of the window, and network-snoopable information, required to compromise this set of backups.

You really can’t, anymore. You can watch traffic and hope that anything nasty isn’t communicating with the outside world, but then there’s all sorts of side channels that you may not know to watch.

At some point you just have to admit there’s limits to privacy and work with them. You paper journal could be stolen and read / rewritten too, yaknow? It’s not a new problem, its just in a new context.

BIOS/Firmware: I just do, if I am compromised then I won’t find out anyway.

OS/app level: occasional AV scans, though I don’t trust clamav as much as I trust Windows antivirus.

I should really properly set up secure boot on my desktop to make rootkits harder to install, but Linux and secure boot are just too much of a kludge.

I don’t have ultimate trust in any software or hardware, but I get to “good enough” by deciding which providers I trust:

* Software: Canonical, Google, Microsoft, Valve, Oracle, Dropbox. I install software from their official repos. Anything 3rd-party/unofficial/experimental/GitHub goes in a VM.

* Hardware: I built my main PC from mainstream commodity components. I have no way of knowing if there are secret backdoors but I consider it unlikely.

I’m also privileged enough to not be a “person of interest” so don’t feel the need to take any extraordinary precautions.

Yes, I’m aware of VM escapes. Yes, I’ve read Reflections on Trusting Trust. I choose to trust regardless because life’s too short for paranoia. As Frank Drebin said:

“You take a chance getting up in the morning, crossing the street, or sticking your face in a fan.”

“which providers I trust:

* Software: Google, Microsoft”

I trust that Google and Microsoft won’t hack into my bank account and steal money, even though they could, but otherwise I assume they collect anything they want and can.

The reality is that you cannot trust that your machines are not compromised.

The only option we are left with is to operate under the assumption that, indeed, our machines are permanently compromised.

I’m reasonably sure that my personal machine is less compromised than the average, but I can’t and will never be able to ensure that it is not compromised because I have no way to know everything the machine trying to do. This remains true even when you have an entirely free and directly inspectable hardware; you simply have no knowledge and time to verify everything. Just keep a reasonable amount of precaution and skepticism.

See Also

Noone has drained my crypto from my wallets yet.

So either my personal machine is not compromised, or they think the amount of crypto in the wallets is too low.

Jokes on them though, cause I am moving my crypto to a hardware wallet eventually

The biggest thing is being deliberate about your threat model. Who would want to get onto your systems, and how much do they care about you in particular?

From there, take appropriate actions. For the vast, vast majority of us, that means using good passwords, updating software, and not running weird things from the internet.

If you’re worried about 0 click RCE in Chrome/Windows/iOS, you either should be getting better advice from folks outside of HN, or are being unrealistic about who is coming after you.

I don’t. I am real picky with downloading software for my personal machine and I sometimes explore with process explorer and I run sketchy stuff in a sandbox but I don’t trust that my personal machine is not compromised.

Reminds me of the time I was watching a creepypasta horror movie about some guy who gets strange phone calls and my phone rang.

I think this guy had gotten my phone number from my HN profile and he thought I might be able to help him. He thought his android phone was infected by malware and he knew who did it. I told him the people who repair cell phones at the mall could do a system reset on his phone…. Unless he was dealing with state-level actors in which case it might be an advanced persistent threat and it might be permanent.

There are two levels here: compromised by some national agency vs. compromised by anyone else.

For the former, I don’t assume anything especially since I’m not an American citizen. I still believe with some certainty that my iPhone is safe from the government but not 100%

Just some generic things that should help avoid or clean up after a compromise.

– clean reinstall every month, just pick a new flavor of Linux to try out. (also helps ensure I have proper backups and scripts for setting up environment)

– Dev work I usually do in docker containers, easy to set up/nuke environments.

– Open source router with open source bios (apu2), firewall on it, usually reinstall once in a while.

– Spin up VMs via scripts for anything else. (games – windows VM with passthrough GPU for example)

– automatic updates everywhere.

I just have a clone of a clean windows VM.

If something breaks or I get bored, nuke the active one and start clone, update it and make another backup, then reinstall games again.

On the other hand, gpu pass-through breaks once in a while and is annoying to fix.

I try to follow what others already mentioned, but still, for any personal high-security stuff I use a device whose OS puts strong limits on apps, like an iPad.

Source Link

What's Your Reaction?
Excited
0
Happy
0
In Love
0
Not Sure
0
Silly
0
View Comments (0)

Leave a Reply

Your email address will not be published.

2022 Blinking Robots.
WordPress by Doejo

Scroll To Top